Abstract
As days go by, new internet technologies such as Big Data, cloud computing and new trends in e-business transactions keep expanding, but information security remains the great concern for internet users, online service providers and programmers, for researchers who are finding solutions to the current information security problems, and for system developers involved in finding system data safety requirements, analyzing, designing the algorithms, coding, testing, deploying and maintaining the current standard versions of the intrusion detection system, for whom keeping up becomes a great challenge. The existing intrusion detection system (IDS) needs to be upgraded and tested online against the latest attacks and threats that arrive with emerging technology. Current offline intrusion detection systems are found to be outdated as e-commerce trends increase, and the demand for real-time intrusion detection systems becomes more prominent in today's complex, high-speed data network environments.
In this manuscript we present the key features required for deploying a real-time data mining based intrusion detection system that fits today's complex network environment. We present the important aspects of the domain in a systematic way. First we present the main objectives and requirements of a real-time data mining based IDS; next we present the current network attack scenario; then we propose a data mining based IDS model and the components it requires for detecting, preventing and responding to attacks. Then we present the cost-effective and more accurate detection methods, and the data mining techniques related to real-time IDS that are oriented towards a high detection rate, high accuracy and a low false positive rate; next we present the issues related to real-time data mining based IDS and the parameters concerned with evaluating the IDS; finally we present the findings and limitations of the study with a conclusion.
Keywords: Real time ID, Alert reduction, False positive rate, Anomaly detection, DARPA data set.
1. Introduction
An intrusion detection system (IDS) must be able to detect, prevent and react to intrusions in computer data networks. Intrusions are malicious activities intended to steal or destroy data and to deny services to the intended users. Intrusion detection systems are generally classified by the data source on which they depend: host based, network based, sensor alerts and application logs. The key components of an IDS are sensors and detectors, a database, a management server and a management interface. Based on time aspects, IDS are classified into two types: offline IDS and real-time IDS. The difference between the two is that an offline IDS examines, analyzes and detects intrusions after collecting the data online, i.e. it searches for intrusions once the sessions have been switched off, whereas a real-time IDS examines and detects intrusions while the sessions are online. Intrusion detection systems employ two different analysis strategies: anomaly detection and misuse detection. In the current scenario, traditional methods like misuse detection are not found to be very useful on their own and need to be combined with data mining techniques to produce a more accurate intrusion detection rate. Most intrusion detection systems have binary classification algorithms which differentiate between what is normal and what is an intrusion.
2015, IRJIE-All Rights Reserved
Page -6
ISSN: 2395-0560
In this paper we are interested in presenting a real-time data mining based intrusion detection system, with more focus on the applied anomaly detection analysis strategy. In the next section we present the role of real-time IDS and the important features meant for intrusion detection. In a later section we extract and present the features required for real-time data mining based intrusion detection. [1, 4]
The main issue in a real-time intrusion detection system is that the enormous and continuous incoming data entering from outside information sources, i.e. the internet or local networks, needs to be stored, handled, monitored and distributed carefully. In our IDS model we introduce a new component called the load balancing switch for distributing raw data across multiple sensors, IDS detectors and computing resources such as disk drives, central processing units or network links. Altogether the model is built to cope with the real-time environment. The load balancing component is intended to optimize resource use, minimize response time, maximize throughput, and avoid overloading any one of the resources.
The advantage of using multiple components with load balancing instead of a single component is that it may increase reliability through redundancy. In our proposed model, load balancing is provided by dedicated software or hardware, such as a multilayer switch or a Domain Name System server process. [9, 14]
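As an added illustration of the load balancing switch described above (example code written for this edit, not the paper's own implementation), the following distributes raw packets across IDS sensors by hashing a direction-independent flow key, so both halves of a session reach the same sensor and a failed sensor's flows are rehashed onto the survivors; the packet sample and sensor names are constructed.

```python
import hashlib
from collections import defaultdict

# Constructed sample of raw packets (5-tuples) as the switch would see them.
PACKETS = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "sport": 40001, "dport": 80, "proto": "tcp"},
    {"src": "192.0.2.10", "dst": "10.0.0.5", "sport": 80, "dport": 40001, "proto": "tcp"},  # reply
    {"src": "10.0.0.6", "dst": "192.0.2.10", "sport": 40002, "dport": 443, "proto": "tcp"},
    {"src": "10.0.0.7", "dst": "192.0.2.53", "sport": 5353, "dport": 53, "proto": "udp"},
    {"src": "192.0.2.53", "dst": "10.0.0.7", "sport": 53, "dport": 5353, "proto": "udp"},   # reply
]

def flow_key(pkt):
    """Direction-independent flow key: request and reply hash identically, so a
    stateful detector on one sensor sees the whole session."""
    a = (pkt["src"], pkt["sport"])
    b = (pkt["dst"], pkt["dport"])
    lo, hi = sorted([a, b])
    return f"{pkt['proto']}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}"

class LoadBalancingSwitch:
    """Hypothetical model of the paper's load balancing switch component."""

    def __init__(self, sensors):
        # Healthy sensors, kept sorted so the hash-to-sensor mapping is deterministic.
        self.sensors = sorted(sensors)

    def pick_sensor(self, pkt):
        """Hash the flow key and map it onto the list of healthy sensors."""
        h = hashlib.sha256(flow_key(pkt).encode()).digest()
        return self.sensors[int.from_bytes(h[:4], "big") % len(self.sensors)]

    def mark_failed(self, sensor):
        """Drop a sensor; its flows are rehashed onto the remaining ones (redundancy)."""
        self.sensors.remove(sensor)

    def distribute(self, packets):
        """Return a mapping sensor -> packets handed to it."""
        by_sensor = defaultdict(list)
        for pkt in packets:
            by_sensor[self.pick_sensor(pkt)].append(pkt)
        return dict(by_sensor)
```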
3.1. Challenges of Managing an Intrusion Detection System (IDS)
Intrusion detection systems employ two main detection methods, anomaly and misuse detection. Studies reveal that there are many approaches to these detection methods, but the main challenge with these approaches is that they generate an enormous, unmanageable number of alerts per day. The resulting tasks include managing the flood of alerts, creating actionable reports and following up on the reported alerts. 99% of alerts are found to be false alerts, or false positives, where legitimate actions are falsely classified as intrusions. The main challenge is to correct the imbalance between actual and false alarms. Through a study of the research papers we found a common point: anomaly based IDS produce more false positive alerts or alarms to
Categorical
    Association Analysis
        o Apriori
        o FP-Growth
    Hidden Markov Model
Supervised
    Regression
        o Linear
        o Polynomial
    Decision Trees
    Random Forests
    Classification
        o KNN
        o Trees
        o Logistic regression
        o Naive Bayes
        o SVM
In this paper we explored the features of IDS, which gives researchers a starting point for identifying the area in which they are interested.
The presented IDS architecture for real-time data mining based IDS with a load balancing switch will help in effectively managing intrusions in data networks and real-time distributed networks, and in load balancing and processing the data.
The challenges of managing an intrusion detection system (IDS) in the enterprise, presented in this paper, are very useful for researchers to keep track of issues and find new solutions during their research work.
The presented applied techniques focus more on machine learning algorithms, which are very much required especially for real-time data mining based IDS. Their advantage is that they are found to be more accurate than human-crafted rules; their disadvantage is that machine learning (ML) needs a lot of labeled data.
The presented techniques for reducing false positives are found to be more useful in alert handling and false alert reduction. They are fully automated and able to adjust to environment changes without human intervention.
The reviewed IDS evaluation parameters reveal that, other than the DARPA and KDD CUP 99 data sets, several other data sets were used by researchers to evaluate the efficiency and performance of the proposed techniques and to compare the results with others. [16,17,18,19]
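As an added worked example for the alert flood discussed in section 3.1 and for the evaluation parameters reviewed above (example code written for this edit, not from the paper or the cited works), the following collapses repeated alerts into meta-alerts and computes detection rate, false positive rate and accuracy from analyst ground truth; the event stream, the signature names and the 60-second window are constructed assumptions.

```python
from collections import Counter

# Constructed labeled event stream: (time_s, signature, src, dst, ids_alerted, is_attack).
# ids_alerted is the IDS verdict; is_attack is analyst ground truth used only for evaluation.
EVENTS = [
    (0,  "SCAN portsweep", "203.0.113.9",  "10.0.0.5",  True,  True),
    (2,  "SCAN portsweep", "203.0.113.9",  "10.0.0.5",  True,  True),
    (5,  "SCAN portsweep", "203.0.113.9",  "10.0.0.5",  True,  True),
    (7,  "HTTP long URI",  "10.0.0.21",    "10.0.0.80", True,  False),  # false positive
    (9,  "HTTP long URI",  "10.0.0.22",    "10.0.0.80", True,  False),  # false positive
    (12, "HTTP GET",       "10.0.0.23",    "10.0.0.80", False, False),  # normal, no alert
    (15, "HTTP GET",       "10.0.0.24",    "10.0.0.80", False, False),  # normal, no alert
    (20, "SQL probe",      "198.51.100.4", "10.0.0.80", False, True),   # missed attack
    (70, "SCAN portsweep", "203.0.113.9",  "10.0.0.5",  True,  True),   # outside first window
]

def aggregate(events, window_s=60):
    """Collapse alerts with the same (signature, src, dst) raised within window_s seconds
    of the group's first alert into one meta-alert carrying a count."""
    meta, open_groups = [], {}
    for t, sig, src, dst, alerted, _ in sorted(events):
        if not alerted:
            continue
        key = (sig, src, dst)
        g = open_groups.get(key)
        if g is not None and t - g["first"] <= window_s:
            g["count"] += 1
            g["last"] = t
        else:
            g = {"sig": sig, "src": src, "dst": dst, "first": t, "last": t, "count": 1}
            meta.append(g)
            open_groups[key] = g
    return meta

def evaluation_metrics(events):
    """Detection rate, false positive rate and accuracy of the raw IDS verdicts."""
    c = Counter()
    for *_, alerted, attack in events:
        c["TP" if alerted and attack else "FP" if alerted else "FN" if attack else "TN"] += 1
    dr = c["TP"] / (c["TP"] + c["FN"])       # share of real attacks that raised an alert
    fpr = c["FP"] / (c["FP"] + c["TN"])      # share of normal events that raised an alert
    acc = (c["TP"] + c["TN"]) / sum(c.values())
    return {"detection_rate": dr, "false_positive_rate": fpr, "accuracy": acc, **c}
```

Six raw alerts become four meta-alerts, while the metrics expose that the two HTTP alerts are the false positives and the SQL probe was missed.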
6. Conclusion
In this paper we presented the main features of real-time IDS and the data mining techniques required for the enhancement of real-time IDS. We focused on data mining techniques aimed at reducing false positives and the alert load, and presented the detection and alert processing techniques that were mostly used during the last decade for reducing false positives and alert load. There is increasing interest in data mining techniques to get better results. We find there are some open issues
ACKNOWLEDGEMENT
I'm proud of the blessings of wisdom and understanding that God has bestowed upon us. I would like to thank Prof. Philip K. Chan from the Computer Science Department, Florida Institute of Technology, Melbourne, Prof. Ahmad Faraahi from Payame Noor University, Tehran, Iran and Prof. N. M. Shekokar for their valuable study and reviews on this paper entitled. Finally I thank Prof. Dr. Arul Sir, who is my guide, and other unknown authors for their ideas, encouragement and support.
REFERENCES
[1] http://www.idrbt.ac.in/PDFs/PT%20Reports/2010/IDS_Shilpa_2010.pdf
[2] http://www.docin.com/p-50767073.html
[3] http://minds.cs.umn.edu/talks/tutorial.pdf
[4] http://en.wikipedia.org/wiki?curid=328144
[5] http://minds.cs.umn.edu/talks/tutorial.pdf
[6] http://www.acc.com/_cs_upload/vl/membersonly/SampleFormPolicy/1189499_1.doc
[7] http://ewh.ieee.org/cmte/cis/mtsc/ieeecis/tutorial2007/Dipankar_Dasgupta_2007.pdf
[8] http://www.symantec.com/region/br/request/relatorio/en/Shared/files/5_Attackers_Entities.pdf
[9] http://www.techrepublic.com/resource-library/whitepapers/load-balanced-with-distributed-self-organization-in-file-sharing-and-fileaccessing/
[10] http://taags.net/
[11] http://icmping.com/index.php/solutions/load-balancing
[12] http://seminarprojects.com/Thread-real-time-data-mining-based-intrusion-detection-full-report
[13] http://www.ijser.org/viewPaperDetail.aspx?I014046
[14] http://www.citefactor.org/article/index/2782/data-mining-techniques-for-real-time-intrusion-detection-systems
[15] http://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-s
[16] Monali Shetty, Prof. N. M. Shekokar, "Data Mining Techniques for Real Time Intrusion Detection Systems", International Journal of Scientific & Engineering Research, Volume 3, Issue 4, April 2012.
[17] Asieh Mokarian, Ahmad Faraahi, Arash Ghorbannia Delavar, "False Positive Reduction Techniques in Intrusion Detection System - A Review", IJCSNS International Journal of Computer Science and Network Security, Vol. 13, No. 10, October 2013.
[18] http://www.ee.ryerson.ca/~bagheri/papers/cisda.pdf
[19] http://people.scs.carleton.ca/~soma/id-2007w/readings/mahoney-darpa.pdf
[20] Prof. Wenke Lee, Prof. Philip K., Department of Computer Science, Florida Institute of Technology, Melbourne FL 32901, "Real Time Data Mining-based Intrusion Detection".